Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2017-10-22 CVE-2017-15730 Cross-Site Request Forgery (CSRF) vulnerability in PHPmyfaq
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php.
network
phpmyfaq CWE-352
6.8
6.8
2017-10-22 CVE-2017-15729 Cross-Site Request Forgery (CSRF) vulnerability in PHPmyfaq
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) for adding a glossary.
network
phpmyfaq CWE-352
6.8
6.8
2017-10-19 CVE-2017-15645 Cross-Site Request Forgery (CSRF) vulnerability in Webmin
CSRF exists in Webmin 1.850.
network
webmin CWE-352
6.8
6.8
2017-10-19 CVE-2017-12271 Cross-Site Request Forgery (CSRF) vulnerability in Cisco Spa300 Firmware and Spa500 Firmware
A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device.
network
low complexity
cisco CWE-352
8.8
8.8
2017-10-18 CVE-2017-14956 Cross-Site Request Forgery (CSRF) vulnerability in Alienvault Unified Security Management 4.14
AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizard_email.php" script. 		3.5
3.5
2017-10-18 CVE-2015-7715 Cross-Site Request Forgery (CSRF) vulnerability in Realtyna Property Listing 8.9/8.9.2
Cross-site request forgery (CSRF) vulnerability in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allows remote attackers to hijack the authentication of administrators for requests that add a user via an add_user action to administrator/index.php.
network
realtyna CWE-352
6.8
6.8
2017-10-18 CVE-2014-3709 Cross-Site Request Forgery (CSRF) vulnerability in Keycloak
The org.keycloak.services.resources.SocialResource.callback method in JBoss KeyCloak before 1.0.3.Final allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack of CSRF protection.
network
keycloak CWE-352
6.8
6.8
2017-10-17 CVE-2017-14011 Cross-Site Request Forgery (CSRF) vulnerability in Prominent Multiflex M10A Controller Firmware
A Cross-Site Request Forgery issue was discovered in ProMinent MultiFLEX M10a Controller web interface.
network
prominent CWE-352
6.8
6.8
2017-10-16 CVE-2017-15296 Cross-Site Request Forgery (CSRF) vulnerability in SAP Customer Relationship Management
The Java component in SAP CRM has CSRF.
network
sap CWE-352
6.8
6.8
2017-10-13 CVE-2016-1265 Cross-Site Request Forgery (CSRF) vulnerability in Juniper Junos Space
A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery (CSRF), default authentication credentials, information leak and command injection attack vectors.
network
low complexity
juniper CWE-352
7.5
7.5